New ransomware spreads globally
[Update] Read: The WannaCry ransomware cyber attack in detail: dig.watch/trends/wannacry
A new version of ransomware, dubbed WannaCry, has quickly spread worldwide and infected thousands of devices across many countries. The New York Times reported that WannaCry has hit the UK hospitals forcing public health system National Health Service to accept only the most urgent patients, and froze computers at the Russian Ministry of Interior, while MalwareTech security researcher reported almost 200,000 infected computers in all the continents. Similarly to other types of ransomware, WannaCry encrypts data on the infected device and demands a ransom of $300 in BitCoins to be paid to a given Bitcoin wallet within several days, otherwise the data will remain locked. Unlike other versions, however, WannaCry propagates through the network and infects computers like a worm – that is even if their users have not activated the infected file or link – allowing its massive effect. This was made possible by exploiting the vulnerability in Windows, called EternalBlue, which recently leaked from the NSA cyber-tools repository, Forbes reports. While Microsoft has issued a patch for this vulnerability in March already, many computers – especially in bigger systems that have complex procedures – have not yet installed the patches, and are being infected. The MalwareTech researcher realised that the WannaCry code demands infected computers to regularly contact a certain non-existing Internet domain, and registered such domain to create the map of infected computers. It appeared, however, that this served as a kill-switch for the malware spread, which was built in by the criminals to be able to abandon the infection process if needed. While the infection has been accidentally stopped, experts warn that a new form of ransomware will emerge very soon, and invite users, institutions and companies to update their Windows promptly.